DeployHub Plugin
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41235 | | | 0.00 | — | 0.00 | | Sep 21, 2022 | Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. |
| CVE-2022-36909 | | | 0.00 | — | 0.00 | | Jul 27, 2022 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins… |
| CVE-2022-36908 | | | 0.00 | — | 0.00 | | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to check for the existence of an attacker-specified file path on the Jenkins controller file system and to upload a SSH key file from the Jenkins controller… |
| CVE-2022-36907 | | | 0.00 | — | 0.00 | | Jul 27, 2022 | A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. |
| CVE-2022-36906 | | | 0.00 | — | 0.00 | | Jul 27, 2022 | A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift Deployer Plugin 1.2.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. |
| CVE-2021-21665 | | | 0.00 | — | 0.00 | | Jun 10, 2021 | A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials… |
| CVE-2021-21663 | | | 0.00 | — | 0.00 | | Jun 10, 2021 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password… |
| CVE-2021-21664 | | | 0.00 | — | 0.00 | | Jun 10, 2021 | An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password… |
| CVE-2021-21662 | | | 0.00 | — | 0.00 | | Jun 10, 2021 | A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2020-2174 | | | 0.00 | — | 0.00 | | Apr 7, 2020 | Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. |
| CVE-2020-2171 | | | 0.00 | — | 0.00 | | Mar 25, 2020 | Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2170 | | | 0.00 | — | 0.00 | | Mar 25, 2020 | Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package names in the table of packages obtained from a remote server, resulting in a stored XSS vulnerability. |
| CVE-2020-2156 | | | 0.00 | — | 0.00 | | Mar 9, 2020 | Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-2155 | | | 0.00 | — | 0.00 | | Mar 9, 2020 | Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2108 | | | 0.00 | — | 0.00 | | Jan 29, 2020 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. |
| CVE-2019-16571 | | | 0.00 | — | 0.00 | | Dec 17, 2019 | A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. |
| CVE-2019-16570 | | | 0.00 | — | 0.00 | | Dec 17, 2019 | A cross-site request forgery vulnerability in Jenkins RapidDeploy Plugin 4.1 and earlier allows attackers to connect to an attacker-specified web server. |
| CVE-2019-16560 | | | 0.00 | — | 0.00 | | Dec 17, 2019 | A cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. |
| CVE-2019-16561 | | | 0.00 | — | 0.00 | | Dec 17, 2019 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. |
| CVE-2019-16559 | | | 0.00 | — | 0.00 | | Dec 17, 2019 | A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system. |
Page 1 of 2